Finding Passwords
Peter Wemm
wemmp at cutmcvax.OZ
Mon Oct 8 19:47:05 AEST 1990
Just a thought on all this trojan/spoofing stuff... what about if the
spoffer opens a tty/pty that just transfers characters between master/slave
and the process catches all data passing through containing the lines
'login:' or 'password'. I think it can. That way it could run a fake
getty/REAL login or perhaps even both of the real programs!! It would
be in-detectable except that if the user typed 'tty' they would
be on ttyp? instead of the normal line. Again, this requires physical access
to the terminal or line.
Just a thought.......
-Peter
--
-----------------------------------------------------------------------
ACSnet: wemmp at cutmcvax.oz
ARPA: wemmp%cutmcvax.oz.au at uunet.uu.net
UUCP: {uunet,hplabs,ukc}!munnari!cutmcvax.oz.au!wemmp
-----------------------------------------------------------------------
------- Who me?? That?? No, That is just terminal line noise!! --------
-----------------------------------------------------------------------
More information about the Comp.unix.internals
mailing list